Gameharbor, I have tried a fixlist posted elsewhere but it doesn't work.


  • This topic is locked
10 replies to this topic

#1 Drogon

Posted 10 September 2014 - 03:55 AM

I too have the GameHarbor running on startup.

 

I have run the fixlist posted in: http://www.bleepingcomputer.com/forums/t/545216/gameharbororg-extentedunlimited-malware/ but it's not working. Here's the fixlog I got after running it:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by Thierry at 2014-09-10 10:49:45 Run:2
Running from C:\Users\Thierry\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-1696983198-4037134883-1275287553-1002\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
cmd: bitsadmin /reset /allusers
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
emptytemp:
end
 
*****************
 
HKU\S-1-5-21-1696983198-4037134883-1275287553-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => Value not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
"C:\ProgramData\SetStretch.exe" => File/Directory not found.
"C:\ProgramData\SetStretch.VBS" => File/Directory not found.
EmptyTemp: => Removed 12.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====



#2 Drogon

Posted 10 September 2014 - 03:59 AM

In case the above log is useless, here's the result from a scan I made of the computer, FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Thierry (administrator) on THIERRY-PC on 10-09-2014 10:55:56
Running from C:\Users\Thierry\Desktop
Platform: Windows 8.1 Pro (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
() D:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
() D:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.221\deploy\LoLLauncher.exe
() D:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.5\deploy\LoLPatcher.exe
() D:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.5\deploy\LoLPatcher.exe
() D:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.5\deploy\LoLPatcher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\S-1-5-21-1699984904-1535399873-3805889171-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1699984904-1535399873-3805889171-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x595AA3A9D8AFCF01
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={DD2CA40E-269B-4EA3-BFA9-21AD8BCC5549}&mid=4e6eeab3b1af47d29dd3d16d670166c3-6d54b981bf30c74b2374a5434141c8bc2bb0417a&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-19 10:42:03&v=17.3.1.91&pid=safeguard&sg=&sap=hp
CHR StartupUrls: Default -> "hxxp://google.nl/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Documenten) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-04]
CHR Extension: (Google Drive) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-04]
CHR Extension: (YouTube) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-04]
CHR Extension: (Adblock Plus) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-04]
CHR Extension: (Pushbullet) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-08-10]
CHR Extension: (Google Zoeken) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-04]
CHR Extension: (Ocean Pacific) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecaabliejjdikjnkahhikeelbblahgoi [2014-08-04]
CHR Extension: (XKit) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-08-04]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-08-15]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2014-08-04]
CHR Extension: (Hola Beter Internet) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-08-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-04]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2014-08-04]
CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2014-08-04]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-08-04]
CHR Extension: (Google Wallet) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-04]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2014-08-04]
CHR Extension: (Enhanced Steam) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-08-04]
CHR Extension: (Gmail) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-04]
CHR Profile: C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Documenten) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-10]
CHR Extension: (Google Drive) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-10]
CHR Extension: (YouTube) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-10]
CHR Extension: (Google Zoeken) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-10]
CHR Extension: (Google Wallet) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-10]
CHR Extension: (Gmail) - C:\Users\Thierry\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe [51016 2014-07-17] (Google Inc.)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-08-04] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-08-04] (Microsoft Corporation)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-08-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-08-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 RzDxgk; C:\WINDOWS\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-05-19] (Razer Inc)
R1 RzFilter; C:\WINDOWS\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [34984 2014-05-19] (Razer Inc)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-08-04] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
U3 idsvc; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 10:55 - 2014-09-10 10:57 - 00015569 _____ () C:\Users\Thierry\Desktop\FRST.txt
2014-09-10 10:40 - 2014-09-10 10:56 - 00000000 ____D () C:\FRST
2014-09-10 10:40 - 2014-09-10 10:40 - 02105344 _____ (Farbar) C:\Users\Thierry\Desktop\FRST64.exe
2014-09-07 18:22 - 2014-09-07 18:22 - 00000470 _____ () C:\Users\Thierry\Desktop\mail.txt
2014-09-06 16:34 - 2014-09-06 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-09-04 23:46 - 2014-09-04 23:46 - 00000000 ____D () C:\ArcheAge
2014-09-04 16:52 - 2014-09-04 17:16 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-04 16:52 - 2014-09-04 16:54 - 00000000 ____D () C:\Users\Thierry\AppData\Local\Origin
2014-09-04 16:52 - 2014-09-04 16:52 - 00000704 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-09-04 16:52 - 2014-09-04 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-09-04 16:09 - 2014-09-10 10:36 - 00000000 ____D () C:\Users\Thierry\AppData\Roaming\tixati
2014-09-04 16:09 - 2014-09-04 16:09 - 00000674 _____ () C:\Users\Thierry\Desktop\Tixati.lnk
2014-09-04 16:09 - 2014-09-04 16:09 - 00000000 ____D () C:\Users\Thierry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2014-09-03 23:24 - 2014-09-03 23:24 - 00000714 _____ () C:\Users\Thierry\Desktop\Glyph.lnk
2014-09-03 23:24 - 2014-09-03 23:24 - 00000000 ____D () C:\Users\Thierry\AppData\Local\Glyph
2014-09-03 23:24 - 2014-09-03 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-09-03 23:24 - 2014-09-03 23:24 - 00000000 ____D () C:\ProgramData\Glyph
2014-09-01 14:24 - 2014-09-01 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-01 14:24 - 2014-09-01 14:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-01 14:24 - 2014-09-01 14:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-31 21:34 - 2014-09-10 10:08 - 00000000 ____D () C:\Users\Thierry\AppData\Local\Last.fm
2014-08-31 21:34 - 2014-08-31 21:34 - 00000682 _____ () C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
2014-08-31 21:34 - 2014-08-31 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
2014-08-31 21:34 - 2014-08-31 21:34 - 00000000 ____D () C:\ProgramData\Last.fm
2014-08-21 13:45 - 2014-08-21 13:45 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-08-21 13:45 - 2014-08-21 13:45 - 00000000 ____D () C:\Users\Thierry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-21 11:28 - 2014-08-21 11:28 - 00001062 _____ () C:\Users\Public\Desktop\The Sims™ 3.lnk
2014-08-21 11:28 - 2014-08-21 11:28 - 00001031 _____ () C:\Users\Public\Desktop\The Sims™ 3 Without Launcher.lnk
2014-08-21 11:28 - 2014-08-21 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims™ 3 + All Expansions
2014-08-21 11:28 - 2014-08-21 11:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft WSE
2014-08-21 10:49 - 2014-08-21 10:49 - 00000000 ___HD () C:\Program Files (x86)\Installshield Installation Information
2014-08-20 18:42 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2014-08-20 18:42 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2014-08-20 18:42 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2014-08-20 18:42 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2014-08-20 18:42 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2014-08-20 18:42 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2014-08-20 18:42 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2014-08-20 18:42 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2014-08-20 18:42 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2014-08-20 18:42 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2014-08-20 18:42 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2014-08-20 18:42 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2014-08-20 18:42 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2014-08-20 18:42 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2014-08-20 18:42 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2014-08-20 18:42 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2014-08-20 18:42 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2014-08-20 18:42 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2014-08-20 18:42 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2014-08-20 18:42 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2014-08-20 18:42 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2014-08-20 18:42 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2014-08-20 18:42 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2014-08-20 18:42 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2014-08-20 18:42 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2014-08-20 18:42 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2014-08-20 18:42 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2014-08-20 18:42 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2014-08-20 18:42 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2014-08-20 18:42 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2014-08-20 18:42 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2014-08-20 18:42 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2014-08-20 18:42 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2014-08-20 18:42 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2014-08-20 18:42 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2014-08-20 18:42 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2014-08-20 18:42 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2014-08-20 18:42 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2014-08-20 18:42 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2014-08-20 18:42 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2014-08-20 18:42 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2014-08-20 18:42 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2014-08-20 18:42 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2014-08-20 18:42 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2014-08-20 18:42 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2014-08-20 18:42 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2014-08-20 18:42 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2014-08-20 18:42 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2014-08-20 18:42 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2014-08-20 18:42 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2014-08-20 18:42 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2014-08-20 18:42 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2014-08-20 18:42 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2014-08-20 18:42 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2014-08-20 18:42 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2014-08-20 18:42 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2014-08-20 18:42 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2014-08-20 18:42 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2014-08-20 18:42 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2014-08-20 18:42 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2014-08-20 18:42 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2014-08-20 18:42 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2014-08-20 18:42 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2014-08-20 18:42 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2014-08-20 18:42 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2014-08-20 18:42 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2014-08-20 18:42 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2014-08-20 18:42 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2014-08-20 18:42 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2014-08-20 18:42 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2014-08-20 18:42 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2014-08-20 18:42 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2014-08-20 18:42 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2014-08-20 18:42 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2014-08-20 18:42 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2014-08-20 18:42 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2014-08-20 18:42 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2014-08-20 18:42 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2014-08-20 18:42 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2014-08-20 18:42 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2014-08-20 18:42 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-08 11:05
 
==================== End Of Log ============================


#3 B-boy/StyLe/

Posted 10 September 2014 - 04:14 AM

Hi,

Do not follow other instructions, not written for your system. They would not work optimally.

Please download the following file => [attachment=154415:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Regards,
Georgi



#4 Drogon

Posted 10 September 2014 - 07:07 AM

Seems to have worked, thanks!

Question: has this simply turned off the auto-startup of the page or have all files that were causing it also been deleted from my PC?

Here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Thierry at 2014-09-10 14:02:43 Run:3
Running from C:\Users\Thierry\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1699984904-1535399873-3805889171-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={DD2CA40E-269B-4EA3-BFA9-21AD8BCC5549}&mid=4e6eeab3b1af47d29dd3d16d670166c3-6d54b981bf30c74b2374a5434141c8bc2bb0417a&lang=nl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-01-19 10:42:03&v=17.3.1.91&pid=safeguard&sg=&sap=hp
emptytemp:
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1699984904-1535399873-3805889171-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
Chrome HomePage deleted successfully.
EmptyTemp: => Removed 151.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

Edited by Drogon, 10 September 2014 - 07:07 AM.


#5 B-boy/StyLe/


Posted 10 September 2014 - 07:15 AM

Hi,

 

There are no files to be removed. As I said in the previous thread:

 

I removed the startup entry that triggered a cmd command execution.

 

HKU\S-1-5-21-1699984904-1535399873-3805889171-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

 

The reason the fix you used didn't work is that the registry SID is different on every computer

 

HKU\S-1-5-21-1699984904-1535399873-3805889171-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.

 

Hope that explains things better. :)

 

 

 

Regards,

Georgi
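The SID mismatch explained in the post above, as an added example that is not part of the original thread and not FRST's own code: a small checker that compares the SIDs named in a fixlist with the SIDs found in the machine's own scan log. The function names are hypothetical, and the sample lines are copied from the logs posted in this thread.

```python
import re

# Per-user hive reference in FRST-style lines, e.g. HKU\S-1-5-21-...-1001
SID_RE = re.compile(r"HKU\\(S-1-5-21(?:-\d+){4})", re.IGNORECASE)
# Run value whose data starts cmd.exe to open a URL (the entry flagged in this thread)
CMD_URL_RE = re.compile(
    r"\\Run: \[(?P<name>[^\]]*)\] => cmd\.exe /c start (?P<url>https?://\S+)",
    re.IGNORECASE,
)

# Fixlist written for a different computer (from the first post of this thread)
BORROWED_FIXLIST = r"""start
HKU\S-1-5-21-1696983198-4037134883-1275287553-1002\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
cmd: bitsadmin /reset /allusers
C:\ProgramData\SetStretch.exe
emptytemp:
end"""

# Line as reported for this machine (from the fixlog in post #4)
LOCAL_SCAN = r"""HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1699984904-1535399873-3805889171-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION"""


def local_sids(scan_log):
    """Return the set of user SIDs that appear in this machine's scan log."""
    return {m.group(1).upper() for m in SID_RE.finditer(scan_log)}


def check_fixlist(fixlist, scan_log):
    """For each HKU line in the fixlist, report whether its SID exists locally."""
    known = local_sids(scan_log)
    findings = []
    for line in fixlist.splitlines():
        sid = SID_RE.search(line)
        if not sid:
            continue  # cmd:, file paths and emptytemp: are not tied to a SID
        hit = CMD_URL_RE.search(line)
        findings.append({
            "sid": sid.group(1),
            "applies": sid.group(1).upper() in known,
            "value": hit.group("name") if hit else None,
            "url": hit.group("url") if hit else None,
        })
    return findings


if __name__ == "__main__":
    for f in check_fixlist(BORROWED_FIXLIST, LOCAL_SCAN):
        status = "matches this machine" if f["applies"] else "SID not on this machine"
        print(f"{f['sid']}  [{f['value']}] -> {f['url']}  ({status})")
```

A directive reported as not matching corresponds to the "Value not found" line in the first fixlog: the Run value exists, but under a different user hive.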




#6 Drogon


Posted 10 September 2014 - 07:21 AM

Alright, thanks for the explanation and thank you so much for helping me get rid of it!



#7 B-boy/StyLe/


Posted 10 September 2014 - 10:56 AM

Hi,

 

Before I let you free I'd like us to scan your machine with ESET OnlineScan to be completely sure your pc is malware free.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

 

Also let's check for outdated and vulnerable software on your pc:

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe to run it.
  • A notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

Regards,

Georgi




#8 B-boy/StyLe/


Posted 12 September 2014 - 03:13 AM

Hi,

 

Are you still around? :)

 

 

Regards,

Georgi




#9 Drogon


Posted 12 September 2014 - 03:34 AM

Yes, I am. Did not see your post, sorry. Could I get back to you on this later? I don't have time to install/do the scan atm.



#10 B-boy/StyLe/


Posted 12 September 2014 - 04:00 AM

Yes, not a problem. I am just checking if I should keep the topic open or not. :)

 

 

Regards,

Georgi




#11 B-boy/StyLe/


Posted 09 October 2014 - 04:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
